ROM (16K)
= OPERATING SYSTEM
= COMMUNICATION
= SECURITY (DES, RSA)

MICROPROCESSOR
= 8 BIT
= 5 MHZ, 5V
= OPTIONAL CRYPTO-COPROCESSOR

RAM = 4 KB

EEPROM = 16K
= FILESYSTEM
= PROGRAM FILES
= KEYS
= PASSWORDS
= APPLICATIONS

PROTECTED CA CREDENTIALS (WRITE PROTECTED)
USER'S CERTIFICATE AND KEY PAIR #1
USER'S CERTIFICATE AND KEY PAIR #N

CA'S ID
CA'S NAME
X.509 VERSION
VALIDITY
SIGNATURE ALGORITHM
PUBLIC ROOT KEY
DIGITAL SIGNATURE

NAME OF ISSUER
ISSUER'S ID
USER ID
X.509 VERSION
SIGNATURE ALGORITHM
PUBLIC KEY 1
DIGITAL SIGNATURE

NAME OF ISSUER
ISSUER'S ID
USER ID
X.509 VERSION
SIGNATURE ALGORITHM
PUBLIC KEY N
DIGITAL SIGNATURE

CA PUBLIC ROOT KEY

USER'S PUBLIC KEY 1
USER'S PUBLIC KEY N

USER'S PRIVATE KEY 1
USER'S PRIVATE KEY N

- TRANSFER THE NEW USER CERTIFICATE AND STORE IT AS TEMP. OBJECT.
- BUILD HASH OF NEW USER CERTIFICATE.
- VERIFY DIGITAL SIGNATURE CONTAINED IN THE USER CERTIFICATE USING THE 'CA ROOT PUBLIC KEY' OBJECT.

NO: SET ERROR CODE AND END

YES:
- CREATE (REPLACE) NEW USER CERTIFICATE OBJECT ON CARD.
- DELETE TEMPORARY OBJECT.

COMMENT
THREE USER OBJECTS
- USER'S PUBLIC KEY
- USER'S PRIVATE KEY
- USER'S CERTIFICATE FOR PUBLIC KEY
ARE NOW AVAILABLE AS GROUP WITH SAME ID VIA THE APPLICATION INTERFACES FOR CREATION AND VERIFICATION OF DIGITAL SIGNATURES

END

AT FIRST TIME SMART CARD IS USED IN A SESSION: VERIFY IF VALID SMART CARD WITH ROOT CERTIFICATE OF CA IS AVAILABLE

YES

GET SELECTED USER'S CERTIFICATE FROM CARD AND CHECK ITS CORRECT SIGNATURE USING THE 'CA ROOT PUBLIC KEY' OBJECT

YES

BUILD HASH OF MESSAGE TO BE SIGNED. CREATE SIGNATURE ON SMART CARD USING USER'S PRIVATE KEY

NO

SIGNATURE GEN. OK?

YES

1

170

ATTACH GENERATED SIGNATURE AND VALID USER CERTIFICATE TO DOCUMENT

COMMENT
A CORRECTLY SIGNED MESSAGE HAS BEEN GENERATED WITH THE CORRECT USER CERTIFICATE, WHICH PROVES THE VALIDITY AND THE AUTHENTICITY OF THE DOCUMENT WHEN RECEIVED VIA INSECURE NETWORKS.